Isass.exe - System Error

[lenny]

Hi,
I am getting this error (Isass.exe - System Error) at the start up and also
when I try to start up in safe mode and if I try to start up via the XP Disk
(when I tried to repair install Windows XP) A few seconds into loading
windows a box appears with that error in it and an OK button. When I press
OK the computer restarts and it all happens again.

What can I do to recover my computer. It is a XP Home on a Compaq Laptop.

Any thoughts greatly appreciated.
Cheers
Lenny

 

[Rick \Nutcase\ Rogers]

Hi,

Probably the sasser virus, it causes the lsass error. Please see:

http://vil.nai.com/vil/content/v_125007.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A

To stop the shutdown, click start/run, type "shutdown -a" (without the
quotes) and click ok.

Details on the patch needed to prevent it:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[lenny]

Rick,
I can't click on start/run....... as I am unable to load windows.
Lenny

 

[lenny]

Rick,
I can't click on start/run....... as I am unable to load windows.
Lenny

 

[Rick \Nutcase\ Rogers]

How about in Safe mode, lenny?

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[lenny]

Hi Rick,
Did you not read my original post? I get the same message when I try to
start up normally or in safemode. Both times the computers only allows me to
restart.
Cheers
Lenny

 

[Z]

Hi,
I am getting this error (Isass.exe - System Error) at the start up and also
when I try to start up in safe mode and if I try to start up via the XP Disk
(when I tried to repair install Windows XP) A few seconds into loading
windows a box appears with that error in it and an OK button. When I press
OK the computer restarts and it all happens again.

What can I do to recover my computer. It is a XP Home on a Compaq Laptop.

I've run into this twice and in both cases, not even a repair of Windows
from the CD would work.

This could be either a bad spot on the disk or (more likely) you got a
Sasser infection.

Do you have backups?

 

[lenny]

No I am afraid not. So what should I do now?

I've run into this twice and in both cases, not even a repair of Windows
from the CD would work.

This could be either a bad spot on the disk or (more likely) you got a
Sasser infection.

Do you have backups?

 

[Rick \Nutcase\ Rogers]

Hi,

Sorry, didn't notice that you mentioned already trying it. Is that the full
text of the error message? If you do not click ok, does anything else happen
or does the system just stall at that point? What if you hit
ctrl+shift+escape?

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Z]

No I am afraid not. So what should I do now?

It's imperative that the first thing you do is make a copy of the drive
for safekeeping, or else you risk losing everything.

Do you have a Desktop PC available?

If so, the first thing I'd do is buy an adapter (approx $10 at CompUSA)
and mount the old laptop disk in a Desktop PC with a large hard drive
(enough free space to hold the entire contents of the laptop's hard
drive) and copy all the files to the Desktop's PC hard drive for
safekeeping.

To mount the laptop drive in the Desktop PC, you'll need to open up the
PC and be familiar with the connectors associated with mounting a hard
drive inside the case. You may also need to set jumpers on the laptop's
drive. Are you comfortable with that?

If you use Windows Explorer for the copy task, before you start, go into
Tools > Options > View, check Show hidden files and folders and uncheck
Hide protected operating system files. Make sure you are logged into a
user that is a member of the Administrators group on the Desktop PC.

Once you have that copy made, it may be possible to simply copy a known
good version of LSASS.EXE over the top of the corrupted LSASS.EXE on the
laptop drive. Reinstall the drive in the laptop and see if you can boot.

If that doesn't work, then I think your only remaining option is to
reinstall the O/S on the laptop drive from the CD - make sure you
reformat the entire drive (do not choose Quick Format) during the
Windows reinstall process.

Once the O/S is installed and the accts created, you can then copy the
data you saved from the Desktop PC - that will get you back saved
e-mail, contacts, My Documents and subfolders, but you will have to
reinstall all your 3rd party s/w.

By the way, once you're gotten yourself out of this mess, if the laptop
is running XP Pro, you can use the Windows Backup facility to make
backups to either an external drive or a separate partition (you'll need
to make this decision at XP Install time, when you partition and format
the hard drive).

Good luck.

Oh, one more thing ... if you can, get in the habit of logging into a
limited acct and doing all your work from there, not a fully privileged
acct. Running within a limited acct would have prevented this ...
limited users cannot modify LSASS.EXE (Users only has Read & Execute)

And start running a good AV that will catch Sasser!